CAS-003 · Question #395
CAS-003 Question #395: Real Exam Question with Answer & Explanation
The correct answer is D: Vulnerability scanner.
Question
Options
- A. Protocol analyzer
- B. Network enumerator
- C. Penetration testing platform
- D. Vulnerability scanner
- E. GRC software
Explanation
A vulnerability scanner actively probes systems to identify installed software versions, patch levels, known CVEs, and configuration weaknesses - directly aligning with the CIO's requirement to verify that all web applications are running on the newest stable OS and application stack. Vulnerability scanners also produce detailed, schedulable reports that can be delivered monthly to the audit department, satisfying both the compliance verification and reporting requirements. A protocol analyzer (A) captures network packets but does not assess software version compliance. A network enumerator (B) discovers hosts and services but provides less depth on vulnerability and version reporting. A penetration testing platform (C) is used for active exploitation exercises, not continuous compliance monitoring. GRC software (E) manages policy and compliance documentation workflows but does not actively scan systems to verify software currency.